Setting up encryption between Java web services and clients involves two tasks:

Enabling HTTPS

Corticon Server supports encrypted communications between the web server and a web service client. If you attempt to use the default HTTPS port, 8851 (for example, when connecting from the Web Console), you get a security message indicating that your connection is not private. To use HTTPS, you must enable HTTPS connections.

Note: The following procedure pertains to the security of communication between the client application and the Server. To enable HTTPS communication between the Server and the client, you must obtain and install public key certificates for the Server host machine and complete separate configuration procedures for each deployed Client service and for the Server.

To enable HTTPS on Corticon Server for Java:

  1. Obtain a private key and a Web server digital certificate.
  2. Install the Web server digital certificate in the Web server.
  3. Start the Corticon Server. When startup is complete, stop it. The initial startup creates the web.xml file.
  4. Edit the file web.xml located at [CORTICON_HOME]\Server\tomcat\webapps\axis\WEB-INF\ to uncomment the following section:
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Corticon Server</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
    ...
    </security-constraint>
    Replace the ... placeholder above with the following block:
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    Note: If you already uncommented this section to enable Basic Authentication, review the web-resource-collection defined, and then add the user-data-constraint transport-guarantee block.
  5. Save the file.

When you restart the Corticon Server, HTTPS is enabled on its default port, 8851.
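
The following check is an added example, not part of the Corticon documentation or product. It parses a web.xml and reports whether the catch-all /* pattern carries the CONFIDENTIAL transport guarantee, which catches both a section left commented out and the Basic Authentication case from the note in step 4. The sample documents and the role name are constructed.

```python
import xml.etree.ElementTree as ET

def _named(elem, name):
    """All descendants with this local name, ignoring any xmlns on web-app."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit_web_xml(xml_text):
    """Return (url-patterns forced to HTTPS, url-patterns constrained without it)."""
    root = ET.fromstring(xml_text)  # commented-out XML is dropped by the parser
    forced, not_forced = [], []
    for sc in _named(root, "security-constraint"):
        patterns = [(p.text or "").strip() for p in _named(sc, "url-pattern")]
        guarantees = [(g.text or "").strip() for g in _named(sc, "transport-guarantee")]
        (forced if "CONFIDENTIAL" in guarantees else not_forced).extend(patterns)
    return forced, not_forced

def https_enforced(xml_text):
    """True only when the catch-all pattern /* carries CONFIDENTIAL."""
    return "/*" in audit_web_xml(xml_text)[0]

# Constructed samples, not copied from a Corticon installation.
COLLECTION = """<web-resource-collection>
      <web-resource-name>Corticon Server</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>"""
GUARANTEE = """<user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>"""
# Step 4 skipped: the whole section is still inside an XML comment.
STILL_COMMENTED = (f"<web-app><!-- <security-constraint>{COLLECTION}{GUARANTEE}"
                   "</security-constraint> --></web-app>")
# Uncommented for Basic Authentication only (placeholder role name), no
# user-data-constraint added: requests are authenticated but not forced to HTTPS.
AUTH_ONLY = (f"<web-app><security-constraint>{COLLECTION}<auth-constraint>"
             "<role-name>placeholder-role</role-name></auth-constraint>"
             "</security-constraint></web-app>")
# Step 4 completed; the xmlns shows that namespaced files are handled too.
ENABLED = ('<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">'
           f"<security-constraint>{COLLECTION}{GUARANTEE}"
           "</security-constraint></web-app>")

if __name__ == "__main__":
    for label, doc in [("still commented", STILL_COMMENTED),
                       ("auth only", AUTH_ONLY), ("enabled", ENABLED)]:
        print(f"{label}: https_enforced={https_enforced(doc)} "
              f"patterns={audit_web_xml(doc)}")
```
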

Note: TLS for Tomcat requires clients to use Java 8. The Apache Tomcat application server bundled with Corticon is configured to use TLSv1.2, while the installed HTTPS client classes might have TLSv1.2 disabled and then attempt to use TLSv1. Using the Java 8 JVM for clients resolves this issue.

Enabling a client to publish to a secure Corticon Server

Corticon Studio supports encrypted communications to a Corticon Server. To enable HTTPS communication between the Server and the Client, you must obtain and install public key certificates for the Corticon Studio. The public certificate then needs to be imported to the Java keystore for the Corticon Studio.

If you want to enable HTTPS communications, your Corticon Studio clients must also be configured to allow secure HTTPS (TLS) communications with the Corticon Server. The typical technique for importing the public certificate into the Java keystore is to first create a keystore by running the following command from a command prompt:
keytool.exe -genkey -keystore my.keystore -storepass myPwd
Then, from the command prompt, run the following command to import the certificate:
keytool.exe -import -alias [server] -file [server].der -keystore my.keystore -storepass myPwd
Launch the Eclipse client from a command prompt using the following command:
eclipse -vmargs -Djavax.net.ssl.trustStore="drive:\path\to\certificate\my.keystore" -Djavax.net.ssl.trustStorePassword=myPwd
Corticon Java Server exposes several REST endpoints that can be leveraged through Swagger to perform certain administrative tasks, execute a decision service, or perform batch processing.